Not sure if any of you ever heard of ngmoco's Plus+ game social network on iPhone, well they were bought out by a japanese company who owns "Mobage", a mobile game network in Japan.. Now they're releasing games on Android, but every single one of their apps has every permission in the book, & they give no explanation for any of them.
Now I'd normally stay away, but they have one game I loved on iOS, Pocket Frogs, here's a link; http://0.mk/72868 check out the permissions tabs.
Is it safe? Is there any way to block all permissions in an app or disable them??
Thanks.
TL;DR, remove app permissions?
I clicked on it and the permissions they have in there now seem normal actually. Except for this one:
Allows an application to read all of the contact (address) data stored on your device. Malicious applications can use this to send your data to other people.
It looks like they might have removed quite a bit of the permission requests because in the reviews people were saying it requests "super user access" and stuff like that but when I read the permissions, that one isn't listed anymore.
Yeah, that's the one that bothered me the most, but hardly any of those are required for the app to run, it's just unnecessary & annoying for a game to have that many permissions
Is there any way to remove its permission to read contact data?
That app also requested SU access on my phone. I denied it and then immediately removed the app. There is no reason that game should require SU access.
There is a handy linux tool to list permissions that an APK uses via commandline called scanperms. I use it to check out what an app uses before installing.
URL is hxxp://tinyurl.com/cvo6dqw
Related
Decided to read the permissions my apps grant more closely since I installed some with black?nd trust because I had them on my iPhone.
As you would expect many of these apps such as Pandora had quetionable permissions, ie pandora can send emails anonymously from your device, I'm rooted and all that good stuff so I'm looking for a way to maybe block certain app permissions.
Sent from my MB860 using XDA App
ertDeath said:
Decided to read the permissions my apps grant more closely since I installed some with black?nd trust because I had them on my iPhone.
As you would expect many of these apps such as Pandora had quetionable permissions, ie pandora can send emails anonymously from your device, I'm rooted and all that good stuff so I'm looking for a way to maybe block certain app permissions.
Sent from my MB860 using XDA App
Click to expand...
Click to collapse
LBE Privacy.
It's free and shows the specific permissions that apps ask for, and you can accept, reject, or prompt for use when they're requested. I like the prompt option because you can see that most apps don't actually use the permissions they've included. They're probably packages that are included in development for 1 or 2 functions that are completely harmless, but the packages include things that do require permissions. Hence, you need to be told about it.
Only thing about LBE that gets annoying is that it needs you to update permissions for EVERY app that gets updated. I still stick with it though because it is nice to know what's going on with your apps.
Couldn't recommend it enough.
https://market.android.com/details?id=com.lbe.security&feature=search_result
So i am just wondering, there are so much different apps for android on the market, and most of them has a lot of access to phone's functions. Now for example i am always logged in to Gmail, and theoretically can a random app scan and copy my gmail's data and send it trough internet? Really curious..
Kblavkalash said:
Now for example i am always logged in to Gmail, and theoretically can a random app scan and copy my gmail's data and send it trough internet? Really curious..
Click to expand...
Click to collapse
This question is not really an issue of Android security this is a question about general security. Can an app look at your gmail app directly and copy data and send it out...not exactly no, an app can't forcibly connect itself to another app to scan data.
However...
That question is actually not relevant because such a task is unnecessary for malicious apps. Lets say you install a malicious app that wants to copy your gmail data. What it will do is not watch the app itself but it will watch the network packets being sent to and from the app, logging and tracking those.
This is not the only way to get the data though because any data saved on your sdcard is accessible from an app if you give it permission to do so.
The MOST important thing to look at when installing an app is the permissions the app is requesting when it installs. This can be confusing as well because some apps will request full internet access because they need it but this can also be used by a malicious app to steal your data.
The important thing to do is research. The more you learn about the app the better off you are.
-------
Just to clarify, this applies to all apps of any kind on any platform including but not limited to Android, iPhones, Blackberry, Windows Phone, WebOS, Windows PC, Mac OSX, Linux or etc. - ALWAYS learn as much as you can and are comfortable with before installing anything...if you are not comfortable with a particular app or learning more about it then don't install it. That is not to say it may be malicous, it is just to say it could be a bad idea for other reasons. (for example, if it is a developer tool or a configuration tool that you don't understand or haven't researched enough to understand...then you could potentially damage your device with something that is a legitimate tool)
Kblavkalash said:
So i am just wondering, there are so much different apps for android on the market, and most of them has a lot of access to phone's functions. Now for example i am always logged in to Gmail, and theoretically can a random app scan and copy my gmail's data and send it trough internet? Really curious..
Click to expand...
Click to collapse
edit
MichaelTunnell said:
This question is not really an issue of Android security this is a question about general security. Can an app look at your gmail app directly and copy data and send it out...not exactly no, an app can't forcibly connect itself to another app to scan data.
However...
That question is actually not relevant because such a task is unnecessary for malicious apps. Lets say you install a malicious app that wants to copy your gmail data. What it will do is not watch the app itself but it will watch the network packets being sent to and from the app, logging and tracking those.
This is not the only way to get the data though because any data saved on your sdcard is accessible from an app if you give it permission to do so.
The MOST important thing to look at when installing an app is the permissions the app is requesting when it installs. This can be confusing as well because some apps will request full internet access because they need it but this can also be used by a malicious app to steal your data.
The important thing to do is research. The more you learn about the app the better off you are.
-------
Just to clarify, this applies to all apps of any kind on any platform including but not limited to Android, iPhones, Blackberry, Windows Phone, WebOS, Windows PC, Mac OSX, Linux or etc. - ALWAYS learn as much as you can and are comfortable with before installing anything...if you are not comfortable with a particular app or learning more about it then don't install it. That is not to say it may be malicous, it is just to say it could be a bad idea for other reasons. (for example, if it is a developer tool or a configuration tool that you don't understand or haven't researched enough to understand...then you could potentially damage your device with something that is a legitimate tool)
Click to expand...
Click to collapse
Good answer, you are right!, but you say do a research before installing, but it's not really possible unless you are a programmer and checking whole code The best rated apps still have many different permission requirement and i have no idea what they are doing.
For example app can request a new password change for example on paypal and steal packets which come to my gmail about new password.^^
Security Apps
Hi,
in my eyes the best way is to use programs like PDroid. You cann adjist the rights of every App regarding send SMS for example.
LBE Privacy Guard may be also an Option. (runs not on my Device - SGS+)
(i use Pdroid 2.0)
you should also read the comments in the store, and the needed rights from the app before install. The best Apps to trust are open source apps.
Kblavkalash said:
Good answer, you are right!, but you say do a research before installing, but it's not really possible unless you are a programmer and checking whole code The best rated apps still have many different permission requirement and i have no idea what they are doing.
For example app can request a new password change for example on paypal and steal packets which come to my gmail about new password.^^
Click to expand...
Click to collapse
Research generally involves a Google search...
Editor's Choice in the market are safe bets, you know, the blue icon.
But then there are the millions of other apps, and frankly, I tend to toe the app name plus xda for instance, Google will show you xda threads about the app, if the posts are normal, you can be sure it's not malicious.
Stuff like that...
Also, fake market comments are really easy to spot and are a dead giveaway
Sent from my GT-I9000 using xda premium
I want to develop an app with the following design:
The app will have some permissions (for example A- read the contact list B- use the Camera C- use the GPS location)
I want the app to contain 3 Mini apps that each of the mini apps has different permission. (Each of the mini app when activated download data from my server and request permissions, and I want that each one of the mini apps could get access only to one permission)
Can I do that ? how complicated the solution would be?
Do you know any apps the behave the same?
Thanks
Joe
Please respond
I cant post on other forums
thanks
Joe McCain said:
I want to develop an app with the following design:
The app will have some permissions (for example A- read the contact list B- use the Camera C- use the GPS location)
I want the app to contain 3 Mini apps that each of the mini apps has different permission. (Each of the mini app when activated download data from my server and request permissions, and I want that each one of the mini apps could get access only to one permission)
Can I do that ? how complicated the solution would be?
Do you know any apps the behave the same?
Thanks
Joe
Click to expand...
Click to collapse
It is not possible to define permissions for 'parts' of apps, permissions defined in the manifest cover the whole app, you would have to just write these as three separate apps
clarification
zacthespack said:
It is not possible to define permissions for 'parts' of apps, permissions defined in the manifest cover the whole app, you would have to just write these as three separate apps
Click to expand...
Click to collapse
Ok, so lets assume that I want to build my own mechanism to grant to permissions to each and every mini-app, can I build that kind of mechanism? or if someone will try very hard he can use unauthorized permission?
Thanks
Joe
Joe McCain said:
Ok, so lets assume that I want to build my own mechanism to grant to permissions to each and every mini-app, can I build that kind of mechanism? or if someone will try very hard he can use unauthorized permission?
Thanks
Joe
Click to expand...
Click to collapse
The issue is how android actually handles permissions.
It does so using the normal Unix/Linux users and groups, when you install an app this app is given its own user, and the permissions it requires are related to groups which the user for that app is added to.
In this sense one apk is treated as an App thus you can not have more than one different set of permissions for the same apk
...
zacthespack said:
The issue is how android actually handles permissions.
It does so using the normal Unix/Linux users and groups, when you install an app this app is given its own user, and the permissions it requires are related to groups which the user for that app is added to.
In this sense one apk is treated as an App thus you can not have more than one different set of permissions for the same apk
Click to expand...
Click to collapse
but If I build my own mechanism in the app code? for example I design the app that every miniapp should get its input through a main service, can I assure that the miniapp wont get input it doesn't need? or it wont be a problem for my "vendor" to pass my service and get the permission it needs
I hope that I'm clear
Joe
Hi there,
I am a newbie with Android and smart phones.
As an old-school tech, from Windows 3.0 to Gnu/Linux, I want for long time avoid all GAFAM stuff and keep a bit of privacy and security.
I came across the Exodus site and try to find app with zero tracker and minimum permission.
Do you care about that?
Do you use FOSS apps?
Do you have a list of usual apps that fulfill your need AND privacy?
Any help, advise, list of apps (browser, messaging, files management, maintenance, ...) are welcome.
Thank you
IMHO it doesn't matter where you fetch apps from: F-Droid, Google Play Store, etc.pp.
Apps typically request normal premissions and dangerous permissoins.
Dangerous persmissions are
READ_CALENDAR
WRITE_CALENDAR
CAMERA
READ_CONTACTS
WRITE_CONTACTS
GET_ACCOUNTS
ACCESS_FINE_LOCATION
ACCESS_COARSE_LOCATION
RECORD_AUDIO
READ_PHONE_STATE
READ_PHONE_NUMBERS
CALL_PHONE
ANSWER_PHONE_CALLS
READ_CALL_LOG
WRITE_CALL_LOG
ADD_VOICEMAIL
USE_SIP
PROCESS_OUTGOING_CALLS
BODY_SENSORS
SEND_SMS
RECEIVE_SMS
READ_SMS
RECEIVE_WAP_PUSH
RECEIVE_MMS
READ_EXTERNAL_STORAGE
WRITE_EXTERNAL_STORAGE
and only become activated if user clicks ALLOW to them: so it's on user what permissions can be used by an app.
So-called normal permissions get allowed by default without any user interaction.
jwoegerbauer said:
and only become activated if user clicks ALLOW to them: so it's on user what permissions can be used by an app.
So-called normal permissions get allowed by default without any user interaction.
Click to expand...
Click to collapse
I you sure only normal permissions get allowed by default without any user interaction? and where can I separately allow or deny them? Is there a place where all these permissions are explained and what I'll block in the app when denied?
What about tracker? Is it possible to deactivate them?
I think trackers are more intrusive than permissions. Am I right?
MrNice said:
I you sure only normal permissions get allowed by default without any user interaction? and where can I separately allow or deny them? Is there a place where all these permissions are explained and what I'll block in the app when denied?
What about tracker? Is it possible to deactivate them?
I think trackers are more intrusive than permissions. Am I right?
Click to expand...
Click to collapse
Yes, only normal permissions get allowed by default, the apps will ask for the rest of them and you can deny them if you want. Also the only way to disable trackers is with aurora appwarden or trackercontrol, but sometimes the apps with disabled trackers could crash.
@MrNice
an app only can track you if it has the related Android permission granted to do so.
The Penguin said:
Also the only way to disable trackers is with aurora appwarden or trackercontrol,
Click to expand...
Click to collapse
jwoegerbauer said:
an app only can track you if it has the related Android permission granted to do so.
Click to expand...
Click to collapse
Hummm, for me, these 2 sentences look like an oxymoron.
Could you explain?
My last 2 cents here:
An app doesn't have trackers, it only has granted permissions, but an app may behave as tracker - where it doesn't matter whatever it will track - if it got granted the related permissions.
Have a nice day.
I use Karma Firewall to log/see what's accessing the internet and block it if needed.
Many don't need internet access to be functional.
Some of the worst offenders I uninstalled.
Gookill is the worst offender, I keep Google play Services and Playstore disabled 99% of the time.
Some freeware apps are perfect. They do nothing except what they're suppose to do and never attempt internet access; keepers.
I use App Ops sometimes to restrict permissions for certain applications. And I don't think it gives me enough control. For instance, if I want to completely take away an application's permission to play audio, I have NO option to do that. Yet I can do it with a command line. And then when I do that and look at the app in App Ops, all of a sudden App Ops knows that permission exists, whereas before it played ignorant. But command lines, contrary to what Linux users have hypnotized themselves into believing, are about the least user friendly way to interface with a device. I don't want to worry about remembering commands, remembering syntax, and typing everything perfectly with no spelling mistakes every time I want to do a simple job. And I wonder: if App Ops isn't telling me about a simple, useful permission like this one, what other useful permissions is it hiding from me? Could I, for instance, forbid the package installer from changing my screen orientation every time it runs? Where could I even find a full list of android permissions? When I try looking up lists like that, I don't see PLAY_AUDIO anywhere, so I know they're not complete.
Is there any App Ops manager that gives me the option to change ALL permissions, not just the permissions it thinks I want?
FailSafeNow said:
I use App Ops sometimes to restrict permissions for certain applications. And I don't think it gives me enough control. For instance, if I want to completely take away an application's permission to play audio, I have NO option to do that. Yet I can do it with a command line. And then when I do that and look at the app in App Ops, all of a sudden App Ops knows that permission exists, whereas before it played ignorant. But command lines, contrary to what Linux users have hypnotized themselves into believing, are about the least user friendly way to interface with a device. I don't want to worry about remembering commands, remembering syntax, and typing everything perfectly with no spelling mistakes every time I want to do a simple job. And I wonder: if App Ops isn't telling me about a simple, useful permission like this one, what other useful permissions is it hiding from me? Could I, for instance, forbid the package installer from changing my screen orientation every time it runs? Where could I even find a full list of android permissions? When I try looking up lists like that, I don't see PLAY_AUDIO anywhere, so I know they're not complete.
Is there any App Ops manager that gives me the option to change ALL permissions, not just the permissions it thinks I want?
Click to expand...
Click to collapse
Did you ever checked if App Manager suits your needs?
App Manager - Android package manager | F-Droid - Free and Open Source Android App Repository
A full-featured open source package manager for android.
f-droid.org
Oswald Boelcke said:
Did you ever checked if App Manager suits your needs?
App Manager - Android package manager | F-Droid - Free and Open Source Android App Repository
A full-featured open source package manager for android.
f-droid.org
Click to expand...
Click to collapse
That's pretty darn good. I think I'll get a lot of usage out of that.
No permission relating to screen orientation, though?